Control Values: File/Directory Permissions (Windows)
Click here to view navigation pane

Control Values: File/Directory Permissions (Windows)

Some controls identify the permissions that are set on a Windows file or folder for different user groups and individual users. To save space, we assign each permission a letter (A,B,C,D,...) and use the letter instead of the full permission name.

This table maps each letter to the permission it represents.

Value

Permission

A

Write Attributes

B

Read Attributes

C

Delete Child (This is a hidden permission that is set when groups or users have Full Control permission on a directory.)

D

Traverse folder / Execute file

E

Write extended

F

Read extended

G

Create Folders / Append Data

H

Create Files / Write Data

I

List Folder / Read Data

J

Delete

K

Change Permissions

L

Take Ownership

M

Read Permissions

N

Synchronize (This is a hidden permission that is set when groups or users have Full Control permission.)

Security Templates

NTFS permissions are often granted using security templates, which are logical groupings of permissions. The following table describes the security templates applicable to files and folders, and how the list of permissions for these templates will appear in your policy compliance reports.

Template

Appears as

Full Control

A:B:C:D:E:F:G:H:I:J:K:L:M:N

Read

B:F:I:M

Write

A:E:G:H

List Folder Contents / Read & Execute

B:D:F:I:M

Modify

A:B:D:E:F:G:H:I:J:M

Example

The folder "Security" has the following permissions set:

The Administrators group has Full Control permission.
The SYSTEM group has Full Control permission.
The Power Users group has Modify permission.
User named Robert has Read permission.

These permissions translate to:

Administrators:A:B:C:D:E:F:G:H:I:J:K:L:M:N
SYSTEM:A:B:C:D:E:F:G:H:I:J:K:L:M:N
Power Users:A:B:D:E:F:G:H:I:J:M
Robert:B:F:I:M

Permission Translation Table in Compliance Reports

A permission translation table is provided for each file/directory permission control included in your compliance reports. The translation table appears below the Expected Value and Actual Value fields in the Detailed Results section of the report, and maps each letter that appears in the Actual Value field with the permission it represents.